Use Istio to deploy the Bookinfo application in a self-managed Kubernetes cluster - Elastic Container Instance

Istio is an open source service mesh that provides traffic management, observability, security, and policy capabilities. Istio that is integrated with Kubernetes can help you better manage and control container applications and improve the performance, security, and reliability of applications. This topic describes how to use Istio to deploy the Bookinfo application in a self-managed Kubernetes cluster that is connected to Elastic Container Instance by using a VNode.

Background information

Istio is an open source service mesh platform that is used to manage traffic between microservices and handle network communications and security risks. Istio can be integrated with Kubernetes to provide standard and secure traffic management and simplify deployment and O&M work.

Bookinfo imitates a single catalog entry of an online bookstore to display information about a book, including the description of the book, book details such as ISBN and number of pages, and reviews about the book. Bookinfo is a heterogeneous application and consists of four microservices that are written in different languages to demonstrate various Istio features. The end-to-end architecture of Bookinfo:

bookinfo

Productpage: a Python microservice that calls the Details and Reviews microservices to generate a page. The Productpage microservice provides the logon and logoff features.
Details: a Ruby microservice that contains book information.
Reviews: a Java microservice that contains book reviews. The Reviews microservice has the following three versions:
- Version 1, which does not call the Ratings microservice.
- Version 2, which calls the Ratings microservice and rates a book by using one to five black stars.
- Version 3, which calls the Ratings microservice and rates a book by using one to five red stars.
Ratings: a Node.js microservice that provides ratings generated based on book reviews.

For more information, visit Istio.

Prerequisites

The description in this topic is applicable to self-managed Kubernetes clusters. Make sure that your cluster meets the following conditions:

A VNode is deployed in the self-managed Kubernetes cluster.
If the self-managed Kubernetes cluster is deployed in a data center, the data center is connected to Alibaba Cloud.
If the self-managed Kubernetes cluster is deployed on an Elastic Compute Service (ECS) instance and the network plug-in is Flannel, make sure that the Kubernetes cloud control manager (CCM) is deployed in the cluster. This ensures that Elastic Container Instance is interconnected with the pods on real nodes. For more information, see Deploy the CCM.

Preparations

Install Istio. For more information, see Getting Started.

Create a namespace and configure labels for the namespace.

kubectl create namespace istio-test
kubectl label namespace istio-test istio-injection=enabled

Procedure

Deploy the Bookinfo application

Create a file named bookinfo.yaml and copy the following template into the file:

Note

In the following YAML sample code, nodeSelectors are added to schedule pods to VNodes. You can also configure eci-profile to schedule pods to VNodes. For more information, see Schedule pods to a VNode and Use eci-profile to schedule pods to a VNode.

Unfold the bookinfo.yaml file

# Copyright Istio Authors
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

##################################################################################################
# This file defines the services, service accounts, and deployments for the Bookinfo sample.
#
# To apply all 4 Bookinfo services, their corresponding service accounts, and deployments:
#
#   kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
#
# Alternatively, you can deploy any resource separately:
#
#   kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l service=reviews # reviews Service
#   kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l account=reviews # reviews ServiceAccount
#   kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l app=reviews,version=v3 # reviews-v3 Deployment
##################################################################################################

##################################################################################################
# Details service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: details
  labels:
    app: details
    service: details
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: details
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-details
  labels:
    account: details
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: details-v1
  labels:
    app: details
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: details
      version: v1
  template:
    metadata:
      labels:
        app: details
        version: v1
    spec:
      nodeSelector:     # Configure a nodeSelector.
        k8s.aliyun.com/vnode: "true"
      tolerations:      # Configure a toleration.
      - key: k8s.aliyun.com/vnode
        operator: "Equal"
        value: "true"
        effect: "NoSchedule"
      serviceAccountName: bookinfo-details
      containers:
      - name: details
        image: docker.io/istio/examples-bookinfo-details-v1:1.16.4
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        securityContext:
          runAsUser: 1000
---
##################################################################################################
# Ratings service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: ratings
  labels:
    app: ratings
    service: ratings
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: ratings
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-ratings
  labels:
    account: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ratings-v1
  labels:
    app: ratings
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ratings
      version: v1
  template:
    metadata:
      labels:
        app: ratings
        version: v1
    spec:
      nodeSelector:     # Configure a nodeSelector.
        k8s.aliyun.com/vnode: "true"
      tolerations:      # Configure a toleration.
      - key: k8s.aliyun.com/vnode
        operator: "Equal"
        value: "true"
        effect: "NoSchedule"
      serviceAccountName: bookinfo-ratings
      containers:
      - name: ratings
        image: docker.io/istio/examples-bookinfo-ratings-v1:1.16.4
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        securityContext:
          runAsUser: 1000
---
##################################################################################################
# Reviews service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: reviews
  labels:
    app: reviews
    service: reviews
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: reviews
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-reviews
  labels:
    account: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v1
  labels:
    app: reviews
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v1
  template:
    metadata:
      labels:
        app: reviews
        version: v1
    spec:
      nodeSelector:     # Configure a nodeSelector.
        k8s.aliyun.com/vnode: "true"
      tolerations:      # Configure a toleration.
      - key: k8s.aliyun.com/vnode
        operator: "Equal"
        value: "true"
        effect: "NoSchedule"
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v1:1.16.4
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        securityContext:
          runAsUser: 1000
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v2
  labels:
    app: reviews
    version: v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v2
  template:
    metadata:
      labels:
        app: reviews
        version: v2
    spec:
      nodeSelector:     # Configure a nodeSelector.
        k8s.aliyun.com/vnode: "true"
      tolerations:      # Configure a toleration.
      - key: k8s.aliyun.com/vnode
        operator: "Equal"
        value: "true"
        effect: "NoSchedule"
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v2:1.16.4
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        securityContext:
          runAsUser: 1000
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v3
  labels:
    app: reviews
    version: v3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v3
  template:
    metadata:
      labels:
        app: reviews
        version: v3
    spec:
      nodeSelector:     # Configure a nodeSelector.
        k8s.aliyun.com/vnode: "true"
      tolerations:      # Configure a toleration.
      - key: k8s.aliyun.com/vnode
        operator: "Equal"
        value: "true"
        effect: "NoSchedule"
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v3:1.16.4
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        securityContext:
          runAsUser: 1000
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
##################################################################################################
# Productpage services
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: productpage
  labels:
    app: productpage
    service: productpage
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: productpage
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-productpage
  labels:
    account: productpage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: productpage-v1
  labels:
    app: productpage
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: productpage
      version: v1
  template:
    metadata:
      labels:
        app: productpage
        version: v1
    spec:
      nodeSelector:     # Configure a nodeSelector.
        k8s.aliyun.com/vnode: "true"
      tolerations:      # Configure a toleration.
      - key: k8s.aliyun.com/vnode
        operator: "Equal"
        value: "true"
        effect: "NoSchedule"
      serviceAccountName: bookinfo-productpage
      containers:
      - name: productpage
        image: docker.io/istio/examples-bookinfo-productpage-v1:1.16.4
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        securityContext:
          runAsUser: 1000
      volumes:
      - name: tmp
        emptyDir: {}
---

Deploy the Bookinfo application.
```
kubectl -n istio-test apply -f bookinfo.yaml
```
The following command output is returned:
View the status of Bookinfo.
```
kubectl -n istio-test get pods -o wide
```
The following command output is returned:
Check the micorservices of Bookinfo.
```
kubectl -n istio-test get services
```
The following command output is returned:

Deploy an Istio gateway

Create a file named bookinfo-gateway.yaml and copy the following template into the file:

Unfold the bookinfo-gateway.yaml file

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080

Deploy an Istio gateway.
```
kubectl -n istio-test apply -f bookinfo-gateway.yaml
```
The following command output is returned:
View the Istio gateway.
```
kubectl -n istio-test get gateway
```
The following command output is returned:

Verify the microservices of Bookinfo

Obtain the host address of the Istio gateway.
Select an Istio Ingress Service based on the cluster type. In this topic, select LoadBalancer as the Istio Ingress Service.
```
kubectl -n istio-system get service istio-ingressgateway
```
The following command output is returned:
The istio-ingressgateway parameter of the returned message indicates the host address (in the IP:Port format) of Istio Ingress Gateway. In this topic, the host address is 10.96.XX.XX:80.

Create a test pod to verify the microservices of Bookinfo.

Create a file named test-pod.yaml and copy the following template into the file:

Unfold the test-pod.yaml file

apiVersion: v1
kind: Pod
metadata:
  name: centos
spec:
  nodeSelector:    
    k8s.aliyun.com/vnode: "true"
  tolerations:      
  - key: k8s.aliyun.com/vnode
    operator: "Equal"
    value: "true"
    effect: "NoSchedule"
  containers:
  - name: eip
    image: registry-vpc.cn-shanghai.aliyuncs.com/eci_open/centos:7
    command:
    - bash
    - -c
    - sleep inf

Deploy the pod.
```
kubectl apply -f test-pod.yaml
```

Log on to the test pod and run the following commands to verify the microservices of Bookinfo.
```
kubectl exec -it centos -- bash
```
```
curl -s http://10.96.XX.XX:80/productpage | grep -o "<title>.*</title>"
```
Replace 10.96.XX.XX:80 with the host address that you obtained in step 1. If <title>Simple BookStore App<title> is returned, Istio runs on the VNode. Sample command output: